<?php
/**
 * CheckUserPermission 组件
 * 验证用户是否登录,是否拥有某动作的访问权限
 * 
 * @author zzdboy
 * @version 1.0
 */
class CheckUserPermissionComponent extends Component {
	// 当前控制器
	private $curController = '';
	
	// 当前动作
	private $curAction = '';
	
	// 当前用户id
	private $admin_uid = '';
	
	// 当前用户姓名
	private $username = '';
	
	// 当前角色id
	private $roleid = '';
	
	/**
	 * Called before the Controller::beforeFilter().
	 *
	 * @access public
	 * @return void
	 */
	public function initialize(Controller $controller) {
		$this->curController = $controller->params ['controller'];
		$this->curAction = $controller->params ['action'];
		
		$this->admin_uid = $controller->Session->read ( 'admin_uid' );
		$this->username = $controller->Session->read ( 'username' );
		$this->roleid = $controller->Session->read ( 'admin_roleid' );
	}
	
	/**
	 * 进行是否登录判断,权限判断
	 *
	 * @access public
	 * @param object $controller
	 *        	Controller with components to init
	 * @return mixed
	 */
	public function init(Controller $controller) {
		$this->checkLogin ( $controller );
		$this->checkPermission ( $controller );
	}
	
	/**
	 * 判断是否登录
	 *
	 * @access public
	 * @param object $controller
	 *        	Controller with components to checkLogin
	 * @return mixed
	 */
	public function checkLogin(Controller $controller) {
		// 如果用户未登录,则跳转到登录页
		if (empty ( $this->admin_uid ) || empty ( $this->username ) || empty ( $this->roleid )) {
			$controller->flash ( '你还未登陆，请先登陆!', '/Users/login/', 1250 );
			return false;
		}
	}
	
	/**
	 * 检查是否拥有权限
	 *
	 * @access public
	 * @param object $controller
	 *        	Controller with components to checkLogin
	 * @return mixed
	 */
	public function checkPermission(Controller $controller) {
		
		// 加载Admin model
		$controller->loadModel ( 'AdminRole' );
		$RoleInfo = $controller->AdminRole->GetAdminRoleByID ( $this->roleid );
		
		if (! $RoleInfo || empty ( $RoleInfo )) {
			$controller->flash ( '您没有访问此模块的权限!', '/', 1250 );
			return false;
		}
		
		// 角色权限相关信息
		$data = $RoleInfo ['AdminRole'] ['data'];
		$RolePriv = unserialize ( $data );
		
		// 判断当前用户是否有对当前动作的访问权限
	}
}
